eprintid: 10084101
rev_number: 20
eprint_status: archive
userid: 608
dir: disk0/10/08/41/01
datestamp: 2019-10-23 11:07:21
lastmod: 2021-11-11 23:31:53
status_changed: 2019-10-23 11:07:21
type: article
metadata_visibility: show
creators_name: Ani, UPD
creators_name: He, HM
creators_name: Tiwari, A
title: A framework for Operational Security Metrics Development for industrial control environment
ispublished: pub
divisions: UCL
divisions: B04
divisions: C05
divisions: J39
keywords: OSMD framework, security metrics, Operational Security metrics, industry control environments, security measurement
note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: Security metrics are very crucial towards providing insights when measuring security states and susceptibilities in industrial operational environments. Obtaining practical security metrics depend on effective security metrics development approaches. To be effective, a security metrics development framework should be scope-definitive, objective-oriented, reliable, simple, adaptable, and repeatable (SORSAR). A framework for Operational Security Metrics Development (OSMD) for industry control environments is presented, which combines concepts and characteristics from existing approaches. It also adds the new characteristic of adaptability. The OSMD framework is broken down into three phases of: target definition, objective definition, and metrics synthesis. A case study scenario is used to demonstrate an instance of how to implement and apply the proposed framework to demonstrate its usability and workability. Expert elicitation has also be used to consolidate the validity of the proposed framework. Both validation approaches have helped to show that the proposed framework can help create effective and efficient ICS-centric security metrics taxonomy that can be used to evaluate capabilities or vulnerabilities. The understanding from this can help enhance security assurance within industrial operational environments.
date: 2018-12-13
date_type: published
publisher: Informa UK Limited
official_url: https://doi.org/10.1080/23742917.2018.1554986
oa_status: green
full_text_type: other
language: eng
primo: open
primo_central: open_green
article_type_text: Journal Article
verified: verified_manual
elements_id: 1708612
doi: 10.1080/23742917.2018.1554986
language_elements: English
lyricists_name: Ani, Daniel
lyricists_id: UANIX02
actors_name: Flynn, Bernadette
actors_id: BFFLY94
actors_role: owner
full_text_status: public
publication: Journal of Cyber Security Technology
volume: 2
number: 3-4
pagerange: 201-237
issn: 2374-2925
citation:        Ani, UPD;    He, HM;    Tiwari, A;      (2018)    A framework for Operational Security Metrics Development for industrial control environment.                   Journal of Cyber Security Technology , 2  (3-4)   pp. 201-237.    10.1080/23742917.2018.1554986 <https://doi.org/10.1080/23742917.2018.1554986>.       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10084101/11/Ani_A%20framework%20for%20Operational%20Security%20Metrics%20Development%20for%20industrial%20control%20environment_AAM.pdf